M

RGDP & Cookies

PROTECTION CHARTER PERSONAL DATA OF USERS OF THE CFI PLATFORM

This Charter applies to all Users of the CFI platform, accessible from the Internet address: https://ac.cfi.fr and supplements its general terms and conditions of use.

1. Definition and nature of personal data

When you use the Platform, we may ask you to provide us with personal data about you.

The term “personal data” refers to all data which make it possible to identify, directly or indirectly, an individual.

➢ Information you provide us with:

When you open your Account, you are required to provide us with the following information: surname, first name, postal address, e-mail address, telephone number and date of birth.

➢ Information that we automatically collect when you use the Platform

When you use the Platform and for the proper execution of the services, we may also collect personal data about you automatically through the tools and services offered on the Platform. In particular, we collect the following data:

o Information on the use of the Platform’s tools and functionalities: we collect information about your interactions with the Platform, in particular, the pages and sections consulted on the Platform, the links you clicked on;
o Connection information and information about the equipment and devices you use to connect to the Platform: we collect the connection data of the devices you use to connect to the Platform, including your IP address, connection dates and times, crash data, device identification data, pages viewed or displayed before or after you connect to the Platform.

2. Purpose of this charter

The purpose of this charter is to inform you about the means we use to collect and process your personal data, in strict compliance with your rights.

In this regard, we inform you that we comply, in the collection and management of your personal data, with French law n° 78-17 of 6 January 1978 relating to

information technology, files and freedoms, in its current version, as well as the General Data Protection Regulations (RGPD).

3. Identity of the person responsible for data collection and processing

The person responsible for collecting and processing your personal data is CFI.

4. Collection and processing of personal data

Your personal data are collected and processed for one or more of the following purposes:

(i) Manage your access to and use of certain services accessible on the Platform, as well as respond to any requests regarding your use of the Services;
(ii) Establish a file of registered members and Users;
(iii) To send newsletters, solicitations and promotional messages. In the event that you do not wish to do so, we give you the opportunity to express your refusal to do so when collecting your data;
(iv) Develop trade and service attendance statistics;
(v) Organize contests, lotteries and all promotional operations excluding online gambling and games of chance subject to the approval of the Regulatory Authority for Online Games;
(vi) Manage the management of people’s opinions on the Services;
(vii) Comply with our legal and regulatory obligations.

When collecting your personal data, we inform you whether certain data must be provided or whether they are optional. We also inform you of the possible consequences of a failure to respond.

5. Recipients of the data collected and processed

Only the staff of our association, the services in charge of control (auditor in particular) and our subcontractors will have access to your personal data.

Public bodies may also be recipients of your personal data, exclusively to meet our legal obligations, court officers, ministerial officers.

6. Transfer of personal data

Your personal data may be transferred, rented or exchanged for the benefit of third parties. If you wish, we give you the option to tick a box indicating your agreement to this when collecting your data.

However, you are informed that we reserve the right to disclose your data to third parties in completely anonymous and aggregated form, i.e. in a form that does not allow you to be identified in any way.

7. Storage period for personal data

(i) Concerning data relating to the management of Users:

Your personal data will not be stored for longer than is strictly necessary to manage our business relationship with you. However, the data used to establish proof of a right or contract, which must be kept in order to comply with a legal obligation, will be kept for the period provided for by the law in force, i.e. a period of 5 years.

Concerning possible prospecting operations for customers, their data may be kept for a period of 3 years from the end of the commercial relationship.

Personal data relating to a prospect who is not a customer may be kept for a period of 3 years from the time they are collected or the last contact made by the prospect.

At the end of this 3-year period, we will be able to contact you again to find out if you wish to continue to receive commercial solicitations.

(ii) Concerning identity documents:

In the event of exercise of the right of access or rectification, data relating to identity documents may be kept for the period provided for in Article 9 of the Code of Criminal Procedure, namely one year. In the event of exercise of the right of objection, this data may be archived during the limitation period provided for in Article 8 of the Code of Criminal Procedure, i.e. 3 years.

(iii) Concerning the management of opposition lists to receive prospecting:

The information allowing your right of opposition to be taken into account is kept for a minimum of 3 years from the exercise of the right of opposition.

(iv) Concerning audience measurement statistics:

Information stored in the users’ terminal or any other element used to identify users and allowing their traceability or attendance will not be kept for more than 13 months.

8. Safety and security

We inform you to take all appropriate precautions, organisational and technical measures to preserve the security, integrity and confidentiality of your personal data and in particular to prevent them from being distorted, damaged or accessed by unauthorised third parties.

9. Accommodation

We inform you that your data is stored and stored, for the entire duration of their storage on the servers of the company Cognix Systems, located in France, at 50 Rue Paul Langevin, 35200 Rennes, in the European Union.

Your data will not be transferred outside the European Union in connection with the use of the services we offer you.

10. Cookies

Cookies are text files, often encrypted, stored in your browser. They are created when a user’s browser loads a given website: the site sends information to the browser, which then creates a text file. Each time the user returns to the same site, the browser retrieves this file and sends it to the website server.

There are three types of cookies, which do not have the same purposes: technical cookies, social network cookies and advertising cookies:

➢ Technical cookies are used throughout your browsing experience to make it easier and to perform certain functions. For example, a technical cookie can be used to store the answers provided in a form or the user’s preferences regarding the language or presentation of a website, when such options are available.

➢ Social network cookies can be created by social platforms to allow website designers to share the content of their site on those platforms. In particular, these cookies may be used by social platforms to track the navigation of Internet users on the website concerned, whether or not they use these cookies.

➢ Advertising cookies can be created not only by the website on which the user navigates, but also by other websites displaying ads, announcements, widgets or other elements on the page displayed. In particular, these cookies can be used to carry out targeted advertising, i.e. advertising determined according to the user’s navigation.

We use technical cookies. These are stored in your browser for a period of 13 months.

We do not use advertising cookies. However, if we were to use them in the future, we would inform you in advance and you would have the option to disable these cookies if necessary.

We also do not use social network cookies. If we were to use them, we would inform you in advance, and give you any information on their nature, the means of accepting or refusing them.

We use Google Analytics which is a statistical audience analysis tool that generates a cookie to measure the number of visits to the Platform or Application, the number of pages viewed and visitor activity. Your IP address is also collected to determine the city from which you are connecting. The storage period of this cookie is mentioned in Article 7 of this charter.

We remind you for all intents and purposes that it is possible for you to prevent the deposit of cookies by configuring your browser. However, such a refusal could prevent the Platform or Application from functioning properly.

11. Consent

When you choose to provide your personal data, you expressly consent to the collection and processing of your personal data in accordance with the provisions of this Privacy Policy and applicable law.

For any use of your data that is not provided for in this Charter, we will seek your consent again before any further processing.

12. Access to your personal data

In accordance with the law n° 78-17 of 6 January 1978 relating to data processing, files and freedoms, as well as the RGPD, you have the right to access your data to obtain communication and, if necessary, rectification or deletion of data concerning you, by sending a request to us at the following address:

– e-mail address: contact@ac.cfi.fr

It is recalled that any person may, for legitimate reasons, request a limitation to the processing of data concerning him or her or oppose such processing.

We inform you that in the event of rectification or deletion of your personal data, as well as the limitation of processing, carried out following a request from you, we will notify the persons to whom we have communicated your data of the said modifications, unless such communication is impossible.

13. Portability of your personal data

You have a right to the portability of the personal data you have provided us, understood as the data you have actively and consciously declared in connection with access to and use of the services, as well as the data generated by your activity in connection with the use of the services. We remind you that this right does not apply to data collected and processed on a legal basis other than the consent or performance of the contract binding us.

This right can be exercised free of charge, at any time, and in particular when closing your account on the Platform, in order to retrieve and store your personal data.

In this context, we will send you your personal data, by any means deemed necessary, in an open standard format commonly used and machine-readable, in accordance with the state of the art.

14. Making a complaint to a supervisory authority

You are also informed that you have the right to lodge a complaint with a competent supervisory authority (the Commission Nationale Informatique et Libertés pour la France), in the Member State in which your habitual residence, workplace or place where the violation of your rights would have been committed, if you consider that the processing of your personal data covered by this Charter constitutes a violation of the applicable texts.

This remedy may be exercised without prejudice to any other remedy before an administrative or judicial court. You also have the right to an effective administrative or judicial remedy if you consider that the processing of your personal data covered by this Charter constitutes a violation of the applicable texts.

15. Communication relating to a violation of personal data

If we notice a security breach in the processing of your data that could lead to a high risk to your rights and freedoms, we will inform you as soon as possible. We will detail to you on this occasion the nature of the violation encountered and the measures put in place to put an end to it.

16. Amendments to the Regulations

We reserve the right, at our sole discretion, to modify this policy in whole or in part at any time. These amendments will come into force as of the publication of the new charter. Your use of the Platform following the entry into force of these changes will constitute recognition and acceptance of the new charter. Failing this, and if this new charter does not suit you, you will no longer have to access the Platform.

17. Entry into force

This charter came into force on November 20, 2018.